BugTraq
[SECURITY] [DSA 1049-1] New Ethereal packages fix several vulnerabilities 2006-05-02
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1049-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
May 2nd, 2006

X7 Chat <=2.0 remote commands execution 2006-05-02
rgod autistici org
#!/usr/bin/php -q -d short_open_tag=on

<?

echo "X7 Chat <=2.0 \"help_file\" arbitrary local inclusion\r\n";

echo "by rgod rgod (at) autistici (dot) org\r\n";

echo "site: http://retrogod.altervista.org\r\n";

echo "-> works regardless of magic_quotes_gpc settings\r\n";

echo " if avatar uploads are enable

Cisco Security Advisory: Cisco Unity Express Expired Password Reset Privilege Escalation 2006-05-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Unity Express Expired Password Reset
Privilege Escalation

Advisory ID: cisco-sa-20060501-cue

http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml

Revision 1.0

For Public Release 2006 May 01 2300 UTC (GMT)

JSBoard XSS vulnerability 2006-05-02
Alexander Klink (alexander klink name)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

============================================
||| Security Advisory AKLINK-SA-2006-001 |||
||| CAN-2006-2109 (CVE candidate) |||
============================================

JSBoard - Cross Site Scripting Attack
==================================

[ MDKSA-2006:080 ] - Updated clamav packages fix vulnerability 2006-05-02
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:080
http://www.mandriva.com/security/
____________________________________________________________________

VHCS --- Virtual Hosting Control System Cross Site Scripting 2006-05-02
outlaw aria-security net
#----------------------------------------------------------

#Aria-Security.net Advisory

#Discovered by: O.U.T.L.A.W

#< www.Aria-security.net>

#Gr33t to: A.u.r.a & R@1D3N & Smok3r

#-----------------------------------------------------------

Software: VHCS

Link: http://www.vhcs.net

Attack

RE: Oracle 10g 10.2.0.2.0 DBA exploit 2006-05-01
putosoft softputo (hasecorp hotmail com)
Patches for 10.2.0.2.0 have been released but the bug is not solved. Patches
for other platforms (such as HPUX or AIX) have been re-scheduled. It's not
important because ANY platform (even with latest CPU) is vulnerable.

An exploit for Oracle 10.2.0.2.0 was published by N1v1hD $3c41r3 and
expl

Re: CoolMenus Event Remote File Inclusion exploit 2006-05-01
Steven M. Christey (coley mitre org)

botan (at) linuxmail (dot) org said:

>#Website : http://coolmenus.dhtmlcentral.com/projects/coolmenus
> [Closed]

The new URL appears to be here:

http://www.dhtmlcentral.com/projects/coolmenus/

>#ColMenus Event Remote File Include Vulnerability#

The CoolMenus code does not appear to be written in PHP.

Blog Mod <= 0.2.x SQL Injection 2006-04-29
qex bsdmail org
====================

Discovered by: Qex

Date: 28 April 2006

====================

/weblog_posting.php?mode=quote&r=[SQL]&w=1

XINE format string bugs when handling non-existent file 2006-04-29
king_purba yahoo co uk
Author : KaDaL-X

email : king_purba (at) yahoo.co (dot) uk

website : http://kandangjamur.net

Software tested

Version : 0.99.4

Vendor : http://xine.sourceforge.net

Proof Of Concept :

Type in your unix console something like this :

kandangjamur$xine %p-%p.mp3

Then, there are two error alert box

CoolMenus Event Remote File Inclusion exploit 2006-04-29
AminRayden yahoo com
<?php

/*

CoolMenus Event Remote File Inclusion exploit Cod3d by R@1D3N

credit:Kurdish Security

Gr33t:Oulaw - A.u.r.a - drTp - Cl0wn - b3hzad - Str0ke and all Persian Cyb3r Team

Site:http://www.Aria-security.net

Dork:"/event/index.php?page="

example:

target:http://www.site.com/event/index.p

I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N 2006-04-29
AminRayden yahoo com
<?php

/*

I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N

Gr33t:Oulaw - A.u.r.a - drTp - Cl0wn - b3hzad - Str0ke and all Persian Cyb3r Team

Site:http://www.Aria-security.net

Dork:"Powered by I-RATER PLATINUM"

example:

target:http://www.site.com/admin/config_settings.tpl.php?in

RE: Poll: Emerging Threats 2006-04-28
H Alsaleh (haggar12 hotmail com)
Jon,
You failed to explain why we would take the time and knowledge to do this
for you, especially when you requested the information to be privately sent
only to you?

----Original Message Follows----
From: "Jon R. Kibler"
To: phishing (at) securityfocus (dot) com,
binaryanalysis (at) securityfocus (dot) com,bugtraq

Poll: Emerging Threats 2006-04-28
Jon R. Kibler (Jon Kibler aset com)
Greetings All,

First, I would like to apologize to those who received multiple copies due to cross posting -- I just wanted to ensure a variety of opinions.

On to business: I would like to do a little survey among the security professionals on this list.

Two Questions:
1) What do you believe w

OpenBB 1.0.8 Full Path Disclosure 2006-04-28
o y 6 hotmail com
OpenBB 1.0.8 Full Path Disclosure

Bug Found By :- Devil-00

Gr33tz :- Www.securitygurus.neT

Rock Master

Hackers Pal

n0m3rcy

-= 1-2 =-

Full Path Disclosure

Exploits :-

/OpenBB/misc.php?action=latest&pforum

Invision Power Board v2.1.5 Remote SQL Injection 2006-04-28
o y 6 hotmail com
Invision Power Board v2.1.5 Remote SQL Injection

Filename :- func_mod.php

Functionname :- post_delete()

Lines :- 89 To 209

Bug Found By :- Devil-00

Greetz :-

Rock Master ^ Hackers Pal ^ n0m4rcy ^

www.securtygurus.net

[Code]

if ( is_array( $id ) )

{

4images<-- 1.7.1 SQL Injection 2006-04-29
CrAzY CrAcKeR hotmail com
>>>>>>>---------------<<<<<<<

found by CrAzY CrAcKeR

Site:http://www.alshmokh.com

>>>>>>>---------------<<<<<<<

Bug is found in this script 4images 1.7.1

DB Error: Bad SQL Query: SELECT cat_id, cat_name, cat_description, cat_parent_id, cat_hits, cat_order, auth_viewcat, auth_viewimage, auth

Thyme 1.3 Cross Site Scripting 2006-04-29
outlaw aria-security net
#----------------------------------------------------------

#Aria-Security.net Advisory

#Discovered by: O.U.T.L.A.W

#< www.Aria-security.net>

#Gr33t to: A.u.r.a & R@1D3N & Smok3r

#-----------------------------------------------------------

» Software: Thyme 1.3

» Link: http://www.extrosoft

Image file crashes Finder, Safari and other apps 2006-04-29
cmertes techfak uni-bielefeld de
The file http://w148.de/~cmertes/nachbarhaus1.exr will crash the Mac OS 10.4 Finder.app when it tries to preview it, i.e. when opening the folder containing the file. Safari will crash when opening an HTML page with an <img> tag referring to this file. Preview.app and other applications are affected,

[SECURITY] [DSA 1047-1] New resmgr packages fix unauthorised access 2006-04-30
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1047-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 30th, 2006

[SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary code execution 2006-05-01
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1048-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
May 1st, 2006

Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability 2006-05-01
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 01/05/2006

- WinHKI unacev2.dll Buffer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software.........

free-php.net Poll 1.0 admin login 2006-05-01
tugr passport com
google dork:"powered by free-php.net" poll

last path add to /admin/

select poll and modify or addnew poll

credits:tugr@

planetGallery admin login 2006-05-01
tugr passport com
google dork - inurl:planetgallery

last path add to /admin/gallery_admin.php

example:

http://site.com/planetgallery/admin/gallery_admin.php

no pass, no login, sending your shell.

credits:tugr@,AlpEren

JMK's Picture Gallery admin login 2006-05-01
alp_eren ayyildiz org
dork: "JMK's Picture Gallery"

and last path to add : admin_gallery.php3?action=add&upload=1

example:http://www.site.com/path/.../admin_gallery.php3?action=add&upload=1

credits:AlpEren,tugr@

[ GLSA 200605-01 ] MPlayer: Heap-based buffer overflow 2006-05-01
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

DMCounter Remote File Include 2006-05-01
beford (xbefordx gmail com)
Script: DMCounter
Version: 0.9.2-b
Language: PHP
Problem: Remote File Include
Vendor: http://sourceforge.net/projects/dmcounter
Discovered by: beford <xbefordx gmail com>

Description
=============
Statistics software based on PHP which does not require any database
support but just uses flat files.

TextFileBB 1.0.16 Multiple XSS 2006-04-29
r0xes ratm gmail com
TextFileBB is a flat-file based bulletin board system written in PHP.

There are 3 different XSS vulnerabilities in this software at the moment, which I found about half an hour ago =D

Anyway, the XSS lies in these tags:

[color]

[size]

[url]

EXPLANATION:

Firstly, we'll explain [color

XSS Attack On DirectAdmin Hosting Management 2006-04-27
outlaw aria-security net
#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

#Aria-Security.net Advisory

#Discovered by: O.U.T.L.A.W

#Outlaw (at) aria-security (dot) net

#Gr33t to:A.u.r.a & R@1D3N & Cl0wn & Dtrap

#'''''''''''''''''''''''''''''''''''''''''''''''''

Copyright 2010, SecurityFocus